WISP stands for “written information security program.” If you’re a Massachusetts business, school or nonprofit, or even if you operate in another state and happen to have Massachusetts customers, students, clients, members or employees, it’s almost certain that you’re required to have one and follow it. If you don’t, you could face major fines whether or not personal information becomes breached. Hopefully, your company, school, organization or entity is aware of the 2010 Massachusetts law that mandated WISPs and already has one in place. If not, set forth below are links to a “Small Business Guide” (with general applicability to schools and other nonprofits) published by the Massachusetts Office of Consumer Affairs and Business Regulation, as well as to a “Compliance Checklist” published by the same Office. If you have any questions about WISPs, please don’t hesitate to contact me at 617-872-8648.http://www.mass.gov/ocabr/docs/idtheft/sec-plan-smallbiz-guide.pdf